The truth about BlackBerry’s encryption

I’ve been thinking of not writing this piece in order to let the criminal underworld continue to operate, wrapped tightly in the warm blanket of incompetence. However, if you’re an aspiring hoodlum or simply a curious, law-abiding BBM addict, this article might be of interest to you. I draw from Ronen Halevy’s analysis at the excellent Berry Review, so click through if you’re interested in some further reading.

There’s this notion that communication from BlackBerry to BlackBerry is always secure. Before BBM was ever the network of choice for “angry youfs”, way before Curves were available in hot pink (*shudder*), businesses depended on BlackBerry Enterprise Server, or BES, for secure corporate communication. BES connects to existing corporate email servers like Microsoft Exchange and acts as a relay that allows employees to securely send and receive push-email on the go with their BlackBerries.

Communications between BES and BlackBerries are encrypted with Triple DES or AES, and only the company running the BES instance has the encryption keys. That means RIM cannot provide these keys to government organisations.

If you’re like me and your BlackBerry is not connected to a BlackBerry Enterprise Server, you’re using the BlackBerry Internet Service or BIS. BIS provides the benefits of push-email to the masses. You can organise a riot, or orchestrate an assassination, and you don’t even have to be wearing a suit and tie. Instead of connecting to corporate BES, you connect to a BIS server operated by your mobile carrier.

Here’s the catch, criminal, are you listening? Your emails between your BlackBerry and the BlackBerry Internet Service are not encrypted.

Unlike BlackBerry to BlackBerry communication on BES, BIS email messages are not encrypted before they travel over a mobile carrier’s network. For BIS users, only the mobile carrier’s standard 3G/2G protection applies.

Email messages sent between the BlackBerry Internet Service and the BlackBerry Internet Service subscriber’s BlackBerry smartphone are not encrypted. When transmitted over the wireless network, the email messages are subject to the existing or available network security model(s).

When RIM reached agreements with the Indian and Middle Eastern governments after continued pressure, they merely provided wiretapping aid according to the relevant laws — such as RICA/RIPA — as there was no need for decryption.

What about BBM?

If you’re a BES user, your IT department has the option of encrypting the body — not the PIN — of your PIN-to-PIN BBM messages with a key unique to the company. By default, however, BBM messages are not encrypted, because it restricts PIN-to-PIN BBM communication to only employees of the company; instead, they are scrambled. Scrambling is done with a universal cryptographic key that every BlackBerry has.

The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives. Your organisation can use a global PIN encryption key, a PIN encryption key that is specific to your organisation, or both.

RIM can provide this universal key to governments to unscramble messages even in a BES environment — if no additional encryption is applied.

By default, BBM messages in a BIS environment use the scrambling method. Once again, hoodlums, your BBM messages are not secure.

Your carrier knows your BlackBerry PIN. If a mobile carrier or government intercepted your BBM message and routed it to any other BlackBerry device by manipulating the message header, the message would be readable on that device.
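The difference between the two keying models described above (a global key present on every device versus a per-organisation key held only on that company's BES, as in the BES email case earlier) can be made concrete with a small model. The following is an added illustration, not RIM's protocol or code: the "scrambling" is modelled as an unauthenticated keyed stream under a global key, which is an assumption about what scrambling does, chosen because the article states that a rerouted scrambled message is readable on the receiving device. The hardened variant uses a per-organisation key and binds the routing header into an authentication tag, so that a copy with a rewritten header is rejected rather than decrypted. The PINs, key material and message body are constructed sample values; the HMAC-SHA256 counter-mode stream stands in for the 3DES/AES the article mentions and is not the real cipher.

```python
"""Toy model of global-key scrambling vs. per-organisation encryption for
PIN messages.  Added illustration only; not the BlackBerry protocol."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample keys (hypothetical values, not real BlackBerry material).
GLOBAL_PIN_KEY = hashlib.sha256(b"constructed global PIN key on every device").digest()
ACME_BES_KEY = hashlib.sha256(b"constructed key generated on Acme's own BES").digest()

BODY = b"meet at the usual place"  # constructed sample message body


@dataclass
class PinMessage:
    sender_pin: str
    recipient_pin: str           # routing header, visible to the carrier
    nonce: bytes
    ciphertext: bytes
    tag: Optional[bytes] = None  # absent under plain scrambling


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher standing in for the
    3DES/AES the article mentions.  Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def _header(sender_pin: str, recipient_pin: str) -> bytes:
    return f"{sender_pin}->{recipient_pin}".encode()


def scramble(sender_pin: str, recipient_pin: str, body: bytes) -> PinMessage:
    """Default 'scrambling' (assumed model): keyed stream under the global key,
    with nothing tying the ciphertext to the routing header."""
    nonce = os.urandom(16)
    return PinMessage(sender_pin, recipient_pin, nonce, _xor(body, GLOBAL_PIN_KEY, nonce))


def unscramble(msg: PinMessage) -> bytes:
    """Works on any device, because every device holds GLOBAL_PIN_KEY."""
    return _xor(msg.ciphertext, GLOBAL_PIN_KEY, msg.nonce)


def seal(org_key: bytes, sender_pin: str, recipient_pin: str, body: bytes) -> PinMessage:
    """Per-organisation encryption with encrypt-then-MAC; the header is covered
    by the tag even though it travels in the clear."""
    nonce = os.urandom(16)
    ct = _xor(body, org_key, nonce)
    tag = hmac.new(org_key, _header(sender_pin, recipient_pin) + nonce + ct,
                   hashlib.sha256).digest()
    return PinMessage(sender_pin, recipient_pin, nonce, ct, tag)


def open_sealed(org_key: bytes, msg: PinMessage) -> Optional[bytes]:
    """Return the body, or None when the key is wrong or the header was altered."""
    expected = hmac.new(org_key,
                        _header(msg.sender_pin, msg.recipient_pin) + msg.nonce + msg.ciphertext,
                        hashlib.sha256).digest()
    if msg.tag is None or not hmac.compare_digest(expected, msg.tag):
        return None
    return _xor(msg.ciphertext, org_key, msg.nonce)


def reroute(msg: PinMessage, new_recipient_pin: str) -> PinMessage:
    """The header manipulation the article describes: only the routing field
    changes; nonce, ciphertext and tag are forwarded untouched."""
    return PinMessage(msg.sender_pin, new_recipient_pin, msg.nonce, msg.ciphertext, msg.tag)


def scrambling_scenario() -> Dict[str, bool]:
    """Global key: the intended device and a device the message was rerouted
    to both recover the body, since both hold the same key."""
    msg = scramble("2A1B3C4D", "5E6F7A8B", BODY)
    rerouted = reroute(msg, "9C0D1E2F")
    return {
        "intended_device_reads": unscramble(msg) == BODY,
        "rerouted_device_reads": unscramble(rerouted) == BODY,
    }


def org_key_scenario() -> Dict[str, bool]:
    """Per-organisation key with the header authenticated: only the intended
    device inside the organisation recovers the body."""
    msg = seal(ACME_BES_KEY, "2A1B3C4D", "5E6F7A8B", BODY)
    rerouted = reroute(msg, "9C0D1E2F")
    return {
        "intended_device_reads": open_sealed(ACME_BES_KEY, msg) == BODY,
        "rerouted_copy_rejected": open_sealed(ACME_BES_KEY, rerouted) is None,
        "global_key_holder_rejected": open_sealed(GLOBAL_PIN_KEY, msg) is None,
    }


if __name__ == "__main__":
    print("scrambling:", scrambling_scenario())
    print("org key:   ", org_key_scenario())
```

The two scenario functions are the point: with a key every device shares, confidentiality depends entirely on nobody outside the device population being handed that key, and nothing in the message itself objects to being delivered to a different PIN. With a key generated on the company's own BES and the header folded into the tag, a device outside the organisation cannot verify the message at all, and a copy whose recipient field was rewritten fails verification even on a device that does hold the key.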

Since your PIN is tied to your device, if you sell it, the new owner will receive any messages addressed to your old PIN. If you have a history of nefarious activities, best hold on to your BlackBerry, or burn it when you upgrade.

Perhaps if governments were more aware of how BlackBerry operates, they would more readily lay down their pitchforks and pursue an informed course of action.

A good breakdown of the security at play, with one minor error: the default setting for P2P (PIN & BBM) messaging on a BlackBerry Enterprise Server is no different than the non-BES default. You are only limited to using those protocols within your organization if P2P encryption is enabled on the BES, but if it is not, you remain free to P2P with anyone you want (though BES also makes it possible – though not the default setting – to log PIN and BBM messages from connected devices).

martin (http://twitter.com/martincarstens)

Thank you for the comment. I attempted to explain what you managed to make more ostensible by the following:

“By default, however, BBM messages are not encrypted because it restricts
PIN-to-PIN BBM communication to only employees of the company, instead,
they are scrambled.”

Scrambling being the default and therefore allowing regular PIN-to-PIN communication with devices outside the company. As you rightly point out, once the company imposes encryption, you are limited to company wide only.

Steve

What about end-to-end encryption on email using a certificate? BlackBerry has long had the lead here.

What about two different users, from two different BES environments; are those communications encrypted? For example, one user from company xyz (that runs BES) communicating with another user from company abc (that runs a different BES): are their communications encrypted?